Introduction

This is an effort to use and promote PKCS#11
as glue between crypto libraries and security applications on the open source
desktop.

On the desktop today we have a variety of technically excelent crypto
libraries (such as NSS, GnuTLS, OpenSSL etc.) The diversity allows each to
excel and progress in its area of focus. Applications choose to use different
crypto libraries for all sorts of good reasons.

Users suffer because the desktop lacks a consistent way to use certificates
or keys with all the various applications. For example different applications
look for their trust anchor certificates in different places, and configuring
each application with a client certificate is a laborious task.

Developers suffer because when an application needs to use security
(like TLS), the application needs to provide support for all sorts of
security configuration, cetrificate/key file locations, security exceptions,
smart cards, and so on. And so progress suffers because there's no foundation
for consistent place to store security stuff on the desktop.

PKCS#11 is a standard
for accessing crypto objects like keys and certificates and performing cryptographic
operations on them. It's often used together with smart cards.

By using PKCS#11 to provide a plugable way for crypto libraries and other
software to access keys, certificate, and things like trust anchors, we can
solve the above problems.

We can use PKCS#11 to make apps more secure (through the support use of
smart cards), more usable (through common storage), and easier to develop
(through standard ways to store and access crypto objects).